25. July 2011 · Comments Off on Google+ Gets a “+1″ for Browser Security | The Barracuda Labs Internet Security Blog · Categories: blog · Tags: , , ,

Google+ Gets a “+1″ for Browser Security | The Barracuda Labs Internet Security Blog.

Barracuda compares Google+ vs Facebook with respect to SSL and Secure Headers. Google+ wins.

29. November 2010 · Comments Off on Clear-text is Fine…It’s Internal. · Categories: blog · Tags: , , , ,

Clear-text is Fine…It’s Internal..

In light of the recent discussions about public websites using SSL or not, our Managed Security Services Provider partner Solutionary discusses the reasons for NOT using clear text protocols even within the enterprise:

  • Corporate Insider / Disgruntled Employee
  • DMZ Host Compromised Externally
  • Internal Host Compromised Externally

Some examples of clear-text protocols and their encrypted alternatives are:
o    FTP -> SFTP
o    HTTP -> HTTPS
o    telnet -> SSH
o    SNMPv1 & 2 -> SNMPv3

29. November 2010 · Comments Off on Zscaler Research: Why the web has not switched to SSL-only yet? · Categories: blog · Tags: , ,

Zscaler Research: Why the web has not switched to SSL-only yet?.

Great post following up on the Firesheep threat, detailing the reasons why more websites are not using SSL:

  • Server overhead
  • Increased latency
  • Challenge for CDNs
  • Wildcard certificates are not enough
  • Mixed HTTP/HTTPS: the chicken & the egg problem

Zscaler did a follow up blog post, SSL: the sites which don’t want to protect their users, highlighting popular sites which do not use SSL.

Full disclosure – Zscaler is a Cymbel partner.